How To Remove WordPress User ID 1

Posted in Tutorials

The WordPress admin user that is automatically created for you when you first install WordPress is known as WordPress user with id of 1.  This is because in the _users database table, the record id for the admin user is 1.  As you can see here …

Hack attackers take advantage of this fact and deploy exploits against user id 1 to possible reset its password.  Hence to enhance security it is best to not even have an user id 1.

The solution is to remove the user id 1 is to give it another id number.  It is a bit difficult to change the id number in the database manually because other tables (such as the usermeta table) will reference this id.

One way to do it is to install “iThemes Security” plugin and it has a feature to rename this user id for you.

1.  After installation of iTheme Security plugin, go to “Security -> Dashboard” and see a Medium Priority item saying …

“A user with id 1 still exists”

2.  Click the “Fix it” button that is next to that.  And it will take you to the “Admin User” settings which is in the iThemes Security’s “Advanced” tab. …

3.  Checkmark “Enable Change Admin User” and then it will show you the “Change User ID 1” setting, which you should then checkmark as well (see above screen shot).

4. Click “Save Admin User”.  As recommended, it is a good idea to have a good backup before doing this in case something goes wrong in the process.  The iThemes Security plugin has a feature to backup the database.

5.  After clicking the “Save Admin User” button, you will be logged out.

6.  Log back in.  Everything should look and work the same.  But if you look into the database.  The user is no longer id 1.  It bumps it up to the next available id — would have been nice if it made it an random id.  But still it is an improvement in security since most attacker scripts will be only looking for the id 1.

 

 

 

---